Test the agentless Desktop Single Sign-on configuration

Although testing your agentless Desktop Single Sign-on configuration is optional, Okta recommends that you test the agentless DSSO changes before implementing widespread changes to your org.

  1. Create a service account and configure a Service Principal Name
  2. Configure browsers for agentless Desktop Single Sign-on on Windows or Configure browsers for agentless Desktop Single Sign-on on Mac.
  3. Enable agentless Desktop Single Sign-on in test mode
  4. Optional. Enable Kerberos event logging. For more information, see https://support.microsoft.com/en-us/help/262177/how-to-enable-kerberos-event-logging.
  5. Validate the agentless Desktop Single Sign-on configuration by signing in using the direct Agentless DSSO endpoint URL:
    https://<myorg>.okta.com/login/agentlessDsso

If agentless DSSO is configured correctly, you can sign in without being prompted for credentials. If you experience problems signing in, make sure you have completed all of the implementation procedures.